On Tue, 2006-01-31 at 20:49 +0100, Thorsten Scherf wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
general question: I have a Unix user called "foo" which I would like to
map to the SELinux User Identity "bar_u". In which file must I define
this mapping, so that every time the user "foo" logs in, the context is
set to "bar_u:[user_r_user_t]"?!
In rawhide/FC5, you would use semanage(8) to configure
the /etc/selinux/$SELINUXTYPE/seusers file (where SELINUXTYPE is defined
by /etc/selinux/config and is targeted by default in Fedora). Like
this:
/usr/sbin/semanage login -a -s bar_u foo
Then to list the current settings,
/usr/sbin/semanage login -l
This manipulates the seusers file in the module store and then
regenerates the installed file; don't edit that file directly.
--
Stephen Smalley
National Security Agency